Knowledge Base::DBSA:2013-0006

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.

Classification

Rationale: Users and organizations must act to ensure accounts are secured on sites and services on associated networks.

Severity: HIGH

Rationale: The impact is global across multiple high-profile financial sites.

Spread of Issue: CROSS-PLATFORM HIGH

Rationale: All systems that are Internet-connected are affected.

Description

On 24 July 2013, multiple high-profile financial processing networks including banks and 'e-commerce' sites had their routes compromised by a network, identified by AS25459, "NedZone Internet BV" located in The Netherlands. This compromise saw traffic destined for those networks routed through the malicious provider or an unfiltered customer of theirs. The incident lasted from 15:37 (3:37 PM) UTC/GMT through to 15:41 (3:41 PM) UTC/GMT.

This route hijack had the effect of re-routing any and all traffic destined to such networks through AS25459 (the aforementioned network).

This could have contributed to an interruption, detected by Digibase, of several networks across the Internet in North America during the morning.

Technical Details

The suspected compromised routes (since withdrawn) include the following networks:

Mitigation/Solution

All users who utilize services hosted by the above organizations should ensure that their accounts and data are secure. Users and organizations are advised to consider changing passwords if services were in use during that window of time and to ensure any communications with hosting providers noted in "Technical Details" were not compromised.
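The following Python example is added here for illustration and is not part of the original advisory or any Digibase tooling. It flags BGP announcements whose origin AS differs from the expected one for a monitored prefix (the condition described under "Description"), then lists the user sessions that overlapped the incident window so their credentials can be reviewed. Only AS25459 and the 15:37 to 15:41 UTC window come from the advisory; the prefixes, the other AS numbers, the session records and all function names are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone

def utc(hhmm):
    """Timestamp on 24 July 2013 (the advisory's incident date) at hh:mm UTC."""
    h, m = map(int, hhmm.split(":"))
    return datetime(2013, 7, 24, h, m, tzinfo=timezone.utc)

# Constructed: documentation prefixes and reserved ASNs stand in for the
# affected networks, which this example does not attempt to name.
EXPECTED_ORIGINS = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}
INCIDENT_START, INCIDENT_END = utc("15:37"), utc("15:41")  # from the advisory

# Constructed BGP updates: (time, prefix, AS path). The origin AS is the last hop.
UPDATES = [
    (utc("15:30"), "192.0.2.0/24", [64510, 64496]),     # normal announcement
    (utc("15:37"), "192.0.2.0/25", [64511, 25459]),     # more-specific, wrong origin
    (utc("15:38"), "198.51.100.0/24", [64511, 25459]),  # same prefix, wrong origin
    (utc("15:39"), "203.0.113.0/24", [64510, 64498]),   # not a monitored prefix
    (utc("15:41"), "198.51.100.0/24", [64510, 64497]),  # expected origin again
]
# Constructed service sessions: (user, login time, logout time).
SESSIONS = [
    ("alice", utc("15:20"), utc("15:38")),
    ("bob", utc("15:42"), utc("15:50")),
    ("carol", utc("15:39"), utc("15:40")),
]

def find_origin_mismatches(updates, expected):
    """Return (time, prefix, monitored prefix, origin AS) for unexpected origins."""
    monitored = {ipaddress.ip_network(p): asn for p, asn in expected.items()}
    alerts = []
    for when, prefix, as_path in updates:
        net = ipaddress.ip_network(prefix)
        for known, asn in monitored.items():
            # subnet_of matches the exact prefix and any more-specific of it;
            # it requires both networks to be the same IP version.
            same_family = net.version == known.version
            if same_family and net.subnet_of(known) and as_path[-1] != asn:
                alerts.append((when, prefix, str(known), as_path[-1]))
    return alerts

def sessions_to_review(sessions, start, end):
    """Return users whose session overlapped the window [start, end]."""
    return sorted({u for u, login, logout in sessions if login <= end and logout >= start})

if __name__ == "__main__":
    for alert in find_origin_mismatches(UPDATES, EXPECTED_ORIGINS):
        print("origin mismatch:", alert)
    print("review:", sessions_to_review(SESSIONS, INCIDENT_START, INCIDENT_END))
```
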